A practical and light-weight data capture tool for Xen virtual machine

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Contribution to journal › Article › peer-review


A honeypot is a common way to investigate an attacker's activities, but the data capture tool, one of the key components of a high-interaction honeypot architecture, faces a major difficulty: it is very hard to hide its presence. For example, Sebek, the de facto data capture tool, suffers from this problem: an intruder can easily uncover it even without privileged access rights. This paper presents the design and implementation of light-weight "camera" software for the Xen virtual machine environment: the camera can be put into the virtual machine honeypot to gather the necessary data about the intruder's actions. The camera tool is named XenKamera; it aims to collect TTY data from the consoles of the observed honeypot, then replay the collected data on-line or off-line as the administrator wishes. Simply put, XenKamera allows us to watch the intruder as if we were looking over his shoulder while he is typing. To prevent the intruder from discovering XenKamera, a special architecture is proposed so that the data recording process is stealthy and hard to detect and circumvent. To protect the gathered data, the TTY log is secretly transferred to a separate virtual machine and safely kept there. Experiments demonstrate that XenKamera is effective and reliable. Besides serving honeypot purposes, XenKamera is designed to be so light-weight that it is practical and can also be used in production systems to record working sessions, and the administrator can rely on the logged data to investigate and troubleshoot administration.

Original language: English
Pages (from-to): 1053-1060
Number of pages: 8
Journal: WSEAS Transactions on Computers
Issue number: 5
Publication status: Published - 2006 May 1


  • Computer administration
  • Data capture tool
  • Honeypot
  • Keylogger
  • Linux
  • Stealth communication
  • TTY logging
  • Xen virtual machine

ASJC Scopus subject areas

  • General Computer Science

